Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-04-11
Updated
2019-04-26
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-10-20
Updated
2017-09-08
2 vulnerabilities found